neyrizk
Pass
Audited by VirusTotal on May 4, 2026.
Overview
Type: OpenClaw Skill
Name: neyrizk
Version: 1.0.0
The skill manages decentralized identities (DIDs) and sensitive private keys, storing them in '$HOME/.openclaw/billions/kms.json'. While aligned with its stated purpose, it exhibits high-risk behaviors, including the potential for plaintext key storage (if the optional encryption key is not provided) and acting as a signing oracle for user-provided challenges. It also communicates with external infrastructure (billions.network and privado.id) to process identity attestations and resolve DIDs. These capabilities are powerful and could be abused if the agent is misdirected, though no clear evidence of intentional malice was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You may be installing a repackaged or mislabeled identity tool, which makes it harder to trust who supplied the code that will handle keys and proofs.
The registry metadata for the evaluated package says the slug/name is "neyrizk", the source is unknown, and the owner/version differ; the bundled metadata identifies a different skill. For a credential-handling identity skill, this provenance mismatch is material.
"ownerId": "kn7b32r236rckzwn88kc1jqhcn81hzrv", "slug": "verified-agent-identity", "version": "1.2.8"
Verify the publisher and source against the official BillionsNetwork/verified-agent-identity project before installing or running any key-handling commands.
A local compromise or overly broad agent access could expose the agent identity key, and using an existing funded wallet key would increase the impact.
The skill stores private keys under the user's home directory and documents plaintext storage as the default when the optional master key is not set. It also supports importing an existing Ethereum private key.
`kms.json` | Private keys — per-entry versioned format; keys are plain or AES-256-GCM encrypted
...
Not set | `"plain"` | Raw hex string
Use a dedicated key for this skill, set BILLIONS_NETWORK_MASTER_KMS_KEY before creating/importing identities, and protect $HOME/.openclaw/billions with appropriate local permissions.
Billions infrastructure will receive identity-linking request data as part of the verification workflow.
The human-agent linking flow embeds the signed JWS in a callback URL and posts the authorization request to the Billions shortener service. This is purpose-aligned, but it means signed identity proof material leaves the local machine.
const callback = callbackBase + jws; ... await fetch(`${urlShortener}/shortener`, { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify(message) })
Only run linking commands when you intend to use Billions verification, and avoid putting unnecessary sensitive details in the challenge name or description.
The skill may rely on an additional external service not highlighted in the network-policy section.
The README lists resolver.privado.id and billions.network as whitelisted domains, but the runtime configuration also includes a PolygonID revocation-status endpoint. This may be normal iden3 plumbing, but the documentation understates the network surface.
id: "https://rhs-staging.polygonid.me"
Document all external endpoints used or configured by the skill, including revocation/status services.
